I had a user report to me that they downloaded one of my apps and when they try to run it, they got a message say the app is damaged and can’t be opened. You should move it to the Trash.
This is the first time I received a report like this.
My app is universal binary.
The user said they have a 24" Mac with Mac OS 12.2.1 with Apple M1 Chip.
So I’m not sure if its a complier issue or M1 Mac issue or both or something else.
Ok I tried my app on another Intel Mac and yep and it gets the damaged error message. So did some searching on this and came across some info saying go to Security & Privacy and set "Allow apps downloaded from " to “Anywhere”. This other Mac wasn’t set to anywhere. So I tried that and it “fixed” the problem, at least for me.
That’s not really a fix because a) in modern macOS versions the only two options are “app store” and “app store and identified developers” and b) you can’t really ask users to change a critical security setting like that. It’d be easier to convince them to right-click the app, choose open, and allow the software to run anyway. The only correct solution is to go through the notarization process.
There are a couple of non-notarized apps I use, from trusted sources, where I don’t mind doing the right-click “Open”. But yeah, advising your customers to override Gatekeeper shouldn’t really be a thing.
Just ask the user to open terminal, type in “sudo xattr -cr [space]” and drag and drop Your application on Terminal window then hit Enter followed by amin password. That’s it.
Right click and Open from contextual menu won’t work when an application “is damaged”.
I do frequently update one of my tools and post it on internal server in a company. This “damaged application” thing happens from time to time, randomly, per user. I mean the same application can be downloaded from the same place by several users and just one of them gets “damaged application”. Weird, since I cannot replicate this behaviour to somehow prevent it.
You’re right, I didn’t pay close enough attention. Damaged means a file inside the bundle has changed sometime after the signature was applied. I was talking about notarization, which will say something like “Apple has not checked this for malware.”
This error happens with Mac App Store apps (when testing before submission), I’ve found two reasons.
The receipt validation code within the application doesn’t work correctly.
The receipt validation at Apple’s end doesn’t work correctly.
Last year, we experienced number for a number of months. The only solution was to stop using Apple’s guidelines for the Mac and start following the iOS guidelines. This creates a new problem as iOS receipt validation is asynchronous, so your validation flow must be altered to adopt it.